PingOne Platform APIs

Step 1b: Upload the SAML application’s signing key (Optional)

 

POST {{apiPath}}/environments/{{envID}}/keys

Optionally, the POST {{apiPath}}/environments/{{envID}}/keys endpoint can be used to upload the external identity provider’s signing key file. This operation supports the application/x-pkcs12-certificates media type to upload a pkcs12file. The pkscS12 file can be encrypted or unencrypted. If the file is encrypted without a specified export password, an INVALID_DATA error is returned.

The response returns a 201 Created message and shows the certificate data parsed from the uploaded certificate file.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      multipart/form-data; boundary=<calculated when request is sent>

Body

formdata

Key Type Value

usageType

text

ENCRYPTION

file

file

password

text

Optional for encrypted files

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/keys' \
--header 'Authorization: Bearer {{accessToken}}' \
--form 'usageType="ENCRYPTION"' \
--form 'file=@"/Users/joeygallotta/Desktop/mycert.pfx"'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/keys")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Authorization", "Bearer {{accessToken}}");
request.AlwaysMultipartFormData = true;
request.AddParameter("usageType", "ENCRYPTION");
request.AddFile("file", "/Users/joeygallotta/Desktop/mycert.pfx");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "bytes"
  "mime/multipart"
  "os"
  "path/filepath"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/keys"
  method := "POST"

  payload := &bytes.Buffer{}
  writer := multipart.NewWriter(payload)
  _ = writer.WriteField("usageType", "ENCRYPTION")
  file, errFile2 := os.Open("/Users/joeygallotta/Desktop/mycert.pfx")
  defer file.Close()
  part2,
         errFile2 := writer.CreateFormFile("file",filepath.Base("/Users/joeygallotta/Desktop/mycert.pfx"))
  _, errFile2 = io.Copy(part2, file)
  if errFile2 != nil {
    fmt.Println(errFile2)
    return
  }
  err := writer.Close()
  if err != nil {
    fmt.Println(err)
    return
  }


  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  req.Header.Set("Content-Type", writer.FormDataContentType())
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/keys HTTP/1.1
Host: {{apiPath}}
Authorization: Bearer {{accessToken}}
Content-Length: 298
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="usageType"

ENCRYPTION
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="mycert.pfx"
Content-Type: <Content-Type header here>

(data)
------WebKitFormBoundary7MA4YWxkTrZu0gW--
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = new MultipartBody.Builder().setType(MultipartBody.FORM)
  .addFormDataPart("usageType","ENCRYPTION")
  .addFormDataPart("file","mycert.pfx",
    RequestBody.create(MediaType.parse("application/octet-stream"),
    new File("/Users/joeygallotta/Desktop/mycert.pfx")))
  .build();
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/keys")
  .method("POST", body)
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .addHeader("Content-Length", "")
  .build();
Response response = client.newCall(request).execute();
var form = new FormData();
form.append("usageType", "ENCRYPTION");
form.append("file", fileInput.files[0], "mycert.pfx");

var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/keys",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Authorization": "Bearer {{accessToken}}",
    "Content-Length": ""
  },
  "processData": false,
  "mimeType": "multipart/form-data",
  "contentType": false,
  "data": form
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var fs = require('fs');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/keys',
  'headers': {
    'Authorization': 'Bearer {{accessToken}}',
    'Content-Length': ''
  },
  formData: {
    'usageType': 'ENCRYPTION',
    'file': {
      'value': fs.createReadStream('/Users/joeygallotta/Desktop/mycert.pfx'),
      'options': {
        'filename': 'mycert.pfx',
        'contentType': null
      }
    }
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{apiPath}}/environments/{{envID}}/keys"

payload = {'usageType': 'ENCRYPTION'}
files=[
  ('file',('mycert.pfx',open('/Users/joeygallotta/Desktop/mycert.pfx','rb'),'application/octet-stream'))
]
headers = {
  'Authorization': 'Bearer {{accessToken}}',
  'Content-Length': ''
}

response = requests.request("POST", url, headers=headers, data=payload, files=files)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/keys');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Authorization' => 'Bearer {{accessToken}}',
  'Content-Length' => ''
));
$request->addPostParameter(array(
  'usageType' => 'ENCRYPTION'
));
$request->addUpload('file', '/Users/joeygallotta/Desktop/mycert.pfx', 'mycert.pfx', '<Content-Type Header>');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/keys")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Authorization"] = "Bearer {{accessToken}}"
request["Content-Length"] = ""
form_data = [['usageType', 'ENCRYPTION'],['file', File.open('/Users/joeygallotta/Desktop/mycert.pfx')]]
request.set_form form_data, 'multipart/form-data'
response = http.request(request)
puts response.read_body
let parameters = [
  [
    "key": "usageType",
    "value": "ENCRYPTION",
    "type": "text"
  ],
  [
    "key": "file",
    "src": "/Users/joeygallotta/Desktop/mycert.pfx",
    "type": "file"
  ]] as [[String: Any]]

let boundary = "Boundary-\(UUID().uuidString)"
var body = Data()
var error: Error? = nil
for param in parameters {
  if param["disabled"] != nil { continue }
  let paramName = param["key"]!
  body += Data("--\(boundary)\r\n".utf8)
  body += Data("Content-Disposition:form-data; name=\"\(paramName)\"".utf8)
  if param["contentType"] != nil {
    body += Data("\r\nContent-Type: \(param["contentType"] as! String)".utf8)
  }
  let paramType = param["type"] as! String
  if paramType == "text" {
    let paramValue = param["value"] as! String
    body += Data("\r\n\r\n\(paramValue)\r\n".utf8)
  } else {
    let paramSrc = param["src"] as! String
    let fileURL = URL(fileURLWithPath: paramSrc)
    if let fileContent = try? Data(contentsOf: fileURL) {
      body += Data("; filename=\"\(paramSrc)\"\r\n".utf8)
      body += Data("Content-Type: \"content-type header\"\r\n".utf8)
      body += Data("\r\n".utf8)
      body += fileContent
      body += Data("\r\n".utf8)
    }
  }
}
body += Data("--\(boundary)--\r\n".utf8);
let postData = body


var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/keys")!,timeoutInterval: Double.infinity)
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.addValue("", forHTTPHeaderField: "Content-Length")
request.addValue("multipart/form-data; boundary=\(boundary)", forHTTPHeaderField: "Content-Type")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keys/03a2fdb0-2e8d-41db-bcd8-335c1d69fe89"
        }
    },
    "id": "03b2fdb0-2e8d-41db-bcd8-325c1d69fe79",
    "name": "My Cert",
    "serialNumber": 6.17175200821504475277631771142055122214800614462e+47,
    "subjectDN": "EMAILADDRESS=NA, CN=NA, OU=Test, O=Test, L=OC, ST=CA, C=US",
    "issuerDN": "EMAILADDRESS=NA, CN=NA, OU=Test, O=Test, L=OC, ST=CA, C=US",
    "algorithm": "RSA",
    "keyLength": 2048,
    "createdAt": "2024-04-19T18:20:54.081Z",
    "startsAt": "2024-04-18T22:55:54.000Z",
    "expiresAt": "2027-01-13T22:55:54.000Z",
    "validityPeriod": 1000,
    "signatureAlgorithm": "SHA256withRSA",
    "usageType": "ENCRYPTION",
    "status": "VALID",
    "organization": {
        "id": "bed432e6-676a-4ebe-b5a5-6b3b54e46bda"
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "default": false
}